Research On Cross-domain Authentication Based On Blockchain PKI System

The development of smart cities continuously enriches the application scenarios of the Internet of Vehicles,but at the same time increases the complexity of the Internet of Vehicles network environment,showing the characteristics of ubiquity and heterogeneity.Moreover,the expansion of geographical scope also makes it impossible for single-domain information sharing to meet the actual needs of users.In order to establish the mutual trust between entities in the system and break the information island to obtain data support,cross-domain identity authentication operation is needed.The identity authentication and security trust issues faced by the Internet of vehicles are often solved using public key infrastructure(PKI)systems,but PKI systems have many problems such as overly centralized CA authority,high certificate management costs,and complex cross-domain authentication paths.The decentralized distributed structure,tamper-proof,traceable and other features of blockchain are highly complementary to the PKI system.In this regard,this thesis uses blockchain combined with PKI system to meet authentication requirements,and proposes cross-domain authentication schemes based on single-chain and master-slave chain structures.The main work is as follows:(1)In response to the problems of single points of failure and high certificate management costs in PKI models,this thesis proposes a blockchain-based PKI system identity authentication model,utilizing the automation features of smart contracts to manage the lifecycle of digital certificates and implementing a lightweight authentication architecture centered on users,providing important support for subsequent cross-domain message authentication and cross-domain information security sharing.(2)Aiming at cross-domain scenarios with different levels of privacy and security requirements,this thesis proposes a cross-domain authentication scheme based on intelligent contract and PKI system.First of all,for general cross-domain scenarios with low demand,trust chain based on smart contract is used to replace the traditional CA certificate trust chain,avoiding the repeated issuance and verification process of CA trust certificate.The scheme has higher authentication efficiency and is easy to expand.Secondly,for the special cross-domain scenario with high demand,this thesis uses the Merkle tree to anchor identity attribute data on and off the blockchain chain to provide identity attribute authentication service directly while protecting privacy.Finally,the cost,performance and safety of the proposed scheme are analyzed comprehensively,and the results show that the proposed scheme has certain advantages.(3)Aiming at the problem that the single-chain structure of blockchain cannot cope with cross-domain authentication in complex network topology environment,this thesis proposes a cross-domain authentication scheme based on master-slave chain and trust evaluation.The master-slave chain architecture has stronger scalability,and based on this,the cross-domain authentication protocol is designed to meet the cross-domain authentication requirements of user nodes in complex networks.At the same time,in order to limit the occurrence of malicious behaviors and prevent the cross-domain access from nodes with low permission to nodes with high permission,a node cross-domain trust degree evaluation method is designed to realize the security and controllability of cross-domain information sharing.Finally,experimental analysis is carried out,and the results show that the proposed scheme can effectively restrict the malicious behavior of nodes,has a certain granularity of access control,and has excellent performance in cross-domain security as well as storage and computing overhead.